How DRE and TCP Optimization Work Together

When DRE is configured, the TCP traffic is intercepted and it’s separated into three connections:

TCP connections in the Local Area Network (LAN) continue to send the original data. However, TCP connections through the Cisco Catalyst SD-WAN overlay tunnel send data that is compressed by DRE. The DRE container in the Cisco IOS XE Catalyst SD-WAN device at one side of the tunnel compresses the data before it’s sent over the overlay tunnel. The DRE container in the Cisco IOS XE Catalyst SD-WAN device at the other side of the tunnel decompresses the data before it's sent to the server at the remote branch or data center side.

Components of DRE

DRE Cache: DRE cache uses secondary storage so that it can store a large amount of data. DRE cache is stored on both sides of the WAN and is used by edge devices to decompress the data. DRE cache in both devices (branch and data center) is synchronized, which means that if a chunk signature is present on one side, the other side has it too.

DRE Compression: DRE uses the Lempel-Ziv-Welch (LZW) compression algorithm for compressing data. DRE operates on large streams of data, typically tens to hundreds of bytes or more, and maintains a much larger compression history.

How Cisco Catalyst 8000V Works on Cisco UCS E-Series Servers

• You can install VMware vSphere ESXi 6.7 hypervisors on UCS-E series server modules that reside in Cisco 4000 Series ISR and Cisco Catalyst 8000 Series Edge Platforms.

• You can then install Cisco Catalyst 8000V on these servers.

• The installed Cisco Catalyst 8000V instances should be configured with the app-heavy profile. This ensures that more cores are allocated to the service plane. The app-heavy profile separates service plane and data plane cores, therefore improving service plane performance.

Configure the following recommended parameters from Cisco Integrated Controller Manager (IMC). Ensure that you configure these before installing the hypervisor because some of the settings may require disk formatting.

For information about deploying a Cisco Catalyst 8000V on different platforms, see the following:

• Deploy Cisco Catalyst 8000V on AWS

• Deploy Cisco Catalyst 8000V on Microsoft Azure

• Deploy Cisco Catalyst 8000V on GCP

For deploying Cisco Catalyst 8000V on AWS, Azure, or GCP platforms, include a cloud-init configuration and attach the secondary disk during deployment.

Prerequisite

Download the DRE container image from Cisco software downloads page. To download the DRE container image navigate to Catalyst 8000V Edge Software page and select IOS XE SD-WAN Software. You can use the same container image across the Cisco 8000 platform.

Upload the Container Image to Cisco SD-WAN Manager

1. From the Cisco SD-WAN Manager menu, choose Maintenance > Software Repository.

2. Click Virtual Images.

3. Under Upload Virtual Image, choose Manager.

4. Browse to the downloaded container image on your local machine, and then click Upload.

   When the upload is complete, the image appears in the Virtual Images window.

Upgrade DRE Container Virtual Image

To upgrade the container image, see Upgrade Software Image on a Device.

Configure AppQoE Template for DRE

1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

2. Click Feature Templates and then click Add Template.

   Note	In Cisco vManage Release 20.7.1 and earlier releases Feature Templates is called Feature.

3. From the Selected Devices list, choose a device that is supported for DRE.

4. Under Other Templates, click AppQoE.

5. Enter Template Name and Description.

6. Choose on of the following device roles:

   • Controller: Choose Controller if you want to configure the device as a controller with an integrated service node. For devices that support an integrated service node, the Enable checkbox is available. This option is grayed out for devices that don't support the integrated service node functionality.

   • Service Node: Choose the Service Node option if you want to configure the device as an external service node. The External Service Node check box is enabled by default.

     The Service Node option is not visible if the device that you chose cannot be configured as an external service node.

7. Under Advanced, enable DRE Optimization.

8. Note	The Resource Profile field is applicable for DRE profiles. The DRE profiles feature was introduced in Cisco IOS XE Catalyst SD-WAN Release 17.6.1a. Therefore, this option is not available in previous releases.

   (Optional) In the Resource Profile field, choose Global from the drop-down list. Next, choose a profile size from the options available.

   If you don't configure the Resource Profile, the default DRE profile size for the device is applied. For more information on the default profiles, see Supported DRE Profiles.

9. (Optional) To optimize HTTPS, FTPS, or any other encrypted traffic, enable SSL Decryption.

   Note	If you enable SSL Decryption, you must configure an SSL/TLS decryption security policy so that the TLS service can decrypt the traffic before it is sent to the DRE container, and then encrypted again after the traffic is optimized.

10. Click Save.

Configure CA for SSL Proxy

To configure certificate authority for SSL proxy, see Configure CA for SSL/TLS Proxy.

Configure Security Policy for SSL Decryption

1. From the Cisco SD-WAN Manager menu, choose Configuration > Security.

2. Click Add Security Policy.

3. Choose Application Quality of Experience and click Proceed.

4. Click Add TLS/SSL Decryption Policy and choose Create New.

5. Click Enable SSL Decryption. Alternatively, toggle the SSL Decryption option to enable it.

6. Enter Policy Name and other requested details.

7. Click Save TLS/SSL Decryption Policy. Your new policy appears in the window.

8. Click Next.

9. Enter Security Policy Name and Security Policy Description.

10. To view the CLI configuration for the policy, click Preview. Otherwise, click Save.

For the DRE configuration to take effect, attach the AppQoE policy with DRE enabled, to the device template of the device for which you created the AppQoE policy with DRE.

1. To create a new device template or update an existing one, see Create a Device Template from Feature Templates

2. In the Additional Templates area, for AppQoE, choose the template you created in the Configure AppQoE Template for DRE section.

Note	To deactivate the DRE service, detach the AppQoE template from the device template.

1. From the Cisco SD-WAN Manager menu, choose Configuration > Policies.

2. Under Centralized Policy, click Add Policy.

   Note	For more information, see Configure Centralized Policies Using Cisco SD-WAN Manager.

3. In the policy configuration wizard, click Next until you are on the Configure Traffic Rules window.

4. Click Traffic Data, and then click Add Policy.

5. Enter a name and description for your policy.

6. Click Sequence Type and from the Add Data Policy dialog box, choose Custom.

7. Click Add Sequence Rule.

8. Under the Match option, you can choose any match conditions that are applicable to a data policy, such as, Source Data Prefix, Application/Application Family List, and so on.

9. Under the Actions option, choose Accept. Choose TCP Optimization and DRE Optimization from the options.

   From Cisco Catalyst SD-WAN Manager Release 20.14.1, AppQoE clusters can handle both IPv4 and IPv6 traffic.

   Note	Not all actions are available for all match conditions. The actions available to you depend on the match conditions you choose. For more information, see Configure Traffic Rules.

10. Click Save Match And Actions.

11. Click Save Data Policy.

12. Apply the centralized data policy to the edge devices at the sites between which DRE optimization should be triggered for traffic flows. For more information, see Apply Policies to Sites and VPNs.

13. Activate the centralized policy. For more information, see Activate a Centralized Policy.

Before You Begin

Insert the UCS E-Series server module into the supported device and connect two interfaces (TE2 and TE3) from the front panel. For more information, see UCS-E Series Servers Hardware Installation Guide.

Configure UCS E-Series Server on the Supported Router

The following is sample configuration to enable UCS E-Series server on a supported router:

Device(config)# ucse subslot 1/0
Device(config-ucse)# imc access-port shared-lom <ge1/te2/te3>
Device(config-ucse)# imc ip address 10.x.x.x 255.x.x.x default-gateway 10.x.x.x
Device(config-ucse)# exit
Device(config)# interface ucse1/0/0
Device(config-if)# ip address x.x.x.1 255.255.255.0

Before You Begin

• Install the hypervisor on the UCS-E server module.

• Download the Cisco Catalyst 8000V 17.6.1 OVA file from the Cisco software download page for Cisco IOS XE Catalyst SD-WAN Release 17.6.1a, and install it..

Configure IP Addresses for Cisco Catalyst 8000V

Device(config)# interface GigabitEthernet1
Device(config-if)# description Mgmt
Device(config-if)# ip addeess x.x.x.x x.x.x.x 
Device(config)# int GigabitEthernet2
Device(config-if)# description WAN-CONTROLLER
Device(config-if)# ip address x.x.x.x x.x.x.x 
Device(config-if)# exit
Device(config)# int GigabitEthernet3
Device(config-if)# description UCSE-INTF
Device(config-if)# ip addeess x.x.x.x x.x.x.x

Before You Begin

Cisco Catalyst 8000V instances on UCS E-Series servers should be configured with the app-heavy resource allocation profile. This profile allows the Cisco Catalyst 8000V instances to participate in DRE optimization. Ensure to reload the device in order to apply the core allocation.

The following example shows how to configure a device as app-heavy using the Cisco SD-WAN Manager CLI Add-on feature template:

Device(config)# platform resource app-heavy

Enable DRE Optimization for Cisco Catalyst 8000V Instances

1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

2. Click Feature Templates and then click Add Template.

   Note	In Cisco vManage Release 20.7.1 and earlier releases Feature Templates is called Feature.

3. From the Selected Devices list, choose C8000v.

4. Under Other Templates, click AppQoE.

5. Enter Template Name and Description.

6. Choose the Service Node option.

7. Under the Advanced section, enable DRE Optimization.

8. Click Save.

Add UCS E-Series Server Configuration in Cisco SD-WAN Manager

In Cisco SD-WAN Manager, create a CLI Add-on feature template and update it with UCS E-Series server configuration.

The following is sample configuration for UCS E-Series servers that can be added to the CLI Add-on feature template:

ucse subslot 1/0
imc access-port shared-lom te2
imc ip address 10.x.x.x 255.x.x.x default-gateway 10.x.x.x

interface ucse1/0/0
vrf forwarding 5

Option 1: Configure Service Controller as the Cluster Type

1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

2. Click Feature Templates and then click Add Template.

   Note	In Cisco vManage Release 20.7.1 and earlier releases Feature Templates is called Feature.

3. In the Selected Devices list, choose the router that has Cisco Catalyst 8000V deployed on its UCS E-Series server.

4. Under Other Templates, click AppQoE.

5. Enter Template Name and Description.

6. Leave the Integrated Service Node check box unchecked.

7. In the Controller IP address field, enter the IP address of the controller.

   Alternatively, choose Default from the drop-down list. The AppQoE controller address is chosen by default.

8. In the Service VPN field, enter the service VPN number.

   Alternatively, choose Default from the drop-down list. The AppQoE service VPN is chosen by default.

9. In the Service Nodes area, click Add Service Nodes to add service nodes to the AppQoE service node group.

10. Click Save.

11. Attach the following to the device template of the router that has Cisco Catalyst 8000V deployed on its UCS E-Series server:

    • CLI Add-on feature template with the UCS E-Series server configuration

    • AppQoE feature template

    For the DRE service to be enabled, bring up DRE on the Cisco Catalyst 8000V instance configured as the integrated service node separately. For more information, see Enable DRE Optimization.

Option 2: Configure Hybrid as the Cluster Type

Routers that have Cisco Catalyst 8000V instances deployed on their UCS E-Series servers can be configured with cluster types as service-controllers or hybrid.

1. From theCisco SD-WAN Manager menu, choose Configuration > Templates.

2. Click Feature Templates and then click Add Template.

   Note	In Cisco vManage Release 20.7.1 and earlier releases Feature Templates is called Feature.

3. From the Selected Devices list, choose the router that has Cisco Catalyst 8000V deployed on its UCS E-Series server.

4. Under Other Templates, click AppQoE.

5. Enter Template Name and Description.

6. For the Integrated Service Node field, check the Enable check box.

7. Click Save.

8. Create a CLI template to add the cluster-type hybrid configuration.

   The following is a sample configuration to configure the cluster type as hybrid on the router that has Cisco Catalyst 8000V deployed on its UCS E-Series server:

   interface VirtualPortGroup2
    vrf forwarding 5
    ip address 192.168.2.1 255.255.255.0
   
   interface ucse1/0/0
    vrf forwarding 5
    ip address 10.40.17.1 255.255.255.0 
   service-insertion service-node-group appqoe SNG-APPQOE
    service-node 192.168.2.2
   service-insertion service-node-group appqoe SNG-APPQOE1
    service-node 10.40.17.5
   !
   service-insertion appnav-controller-group appqoe ACG-APPQOE
    appnav-controller 10.40.17.1 vrf 5
   
   service-insertion service-context appqoe/1
    cluster-type hybrid
    appnav-controller-group ACG-APPQOE
    service-node-group SNG-APPQOE
    service-node-group SNG-APPQOE1
    vrf global
    enable
   

9. Attach the following to the device template of the router that has Cisco Catalyst 8000V deployed on its UCS E-Series server:

   • AppQoE feature template

   • CLI Add-on feature template with the UCS E-Series server configuration

   • CLI template with the hybrid cluster configuration

   For the DRE service to be enabled, bring up DRE on the Cisco Catalyst 8000V instance configured as integrated service node separately. For more information, see Enable DRE Optimization.